From 5d48aba7b65dfad09bfc639e3434f03227b8bd50 Mon Sep 17 00:00:00 2001 From: Prasanna Kumar Kalever Date: Tue, 11 Apr 2017 16:41:33 +0530 Subject: create: support 'auth enable' option This patch add support to enable auth while create. The schematics of authentication setting for/while create, looks like $ gluster-block create block-test/sample-block ha 1 auth enable \ 192.168.0.105 1GiB --json-pretty { "IQN":"iqn.2016-12.org.gluster-block:dc6cca79-f9b7-44f5-acaf-ac81c9cc7c2e", "USERNAME":"dc6cca79-f9b7-44f5-acaf-ac81c9cc7c2e", "PASSWORD":"ae48635a-6902-454c-949a-f2ad0e056086", "PORTAL(S)":[ "192.168.0.105:3260" ], "RESULT":"SUCCESS" } Change-Id: Ib8f5ddd904cb879e0ee05f6a7c3c381c6615a0e4 Fixes: #5 Signed-off-by: Prasanna Kumar Kalever --- rpc/block_svc_routines.c | 67 +++++++++++++++++++++++++++++++++++++++--------- rpc/rpcl/block.x | 3 +++ 2 files changed, 58 insertions(+), 12 deletions(-) (limited to 'rpc') diff --git a/rpc/block_svc_routines.c b/rpc/block_svc_routines.c index 8b3eaea..c3875c8 100644 --- a/rpc/block_svc_routines.c +++ b/rpc/block_svc_routines.c @@ -481,6 +481,10 @@ glusterBlockCreateRemote(void *data) GB_METAUPDATE_OR_GOTO(lock, args->glfs, cobj.block_name, cobj.volume, ret, errMsg, out, "%s: CONFIGSUCCESS\n", args->addr); + if (cobj.auth_mode) { + GB_METAUPDATE_OR_GOTO(lock, args->glfs, cobj.block_name, cobj.volume, + ret, errMsg, out, "%s: AUTHENFORCED\n", args->addr); + } out: if (!args->reply) { @@ -1059,6 +1063,7 @@ glusterBlockAuditRequest(struct glfs *glfs, for (i = 0; i < info->nhosts; i++) { switch (blockMetaStatusEnumParse(info->list[i]->status)) { case GB_CONFIG_SUCCESS: + case GB_AUTH_ENFORCED: successcnt++; break; case GB_CONFIG_INPROGRESS: @@ -1286,7 +1291,7 @@ blockResponse * block_modify_cli_1_svc(blockModifyCli *blk, struct svc_req *rqstp) { int ret = -1; - static blockModify mobj; + static blockModify mobj = {0}; static blockRemoteModifyResp *savereply = NULL; static blockResponse *reply = NULL; struct glfs *glfs; 
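Review bot: The `= {0}` added to `static blockModify mobj` in block_modify_cli_1_svc does not give each request a clean object, because a static-duration object is initialised once and is already zero-filled. Any field left over from an earlier modify call is still present on the next one. If a fresh request object is the intent, as with `cobj` in block_create_cli_1_svc, which this commit makes automatic, either drop `static` or begin the handler with `memset(&mobj, 0, sizeof(mobj));`. The rest of the function is outside the hunk, so whether every field is overwritten before use cannot be confirmed from here.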
@@ -1421,13 +1426,15 @@ block_modify_cli_1_svc(blockModifyCli *blk, struct svc_req *rqstp) } void -blockCreateCliFormatResponse(blockCreateCli *blk, int errCode, - char *errMsg, blockRemoteCreateResp *savereply, +blockCreateCliFormatResponse(blockCreateCli *blk, struct blockCreate *cobj, + int errCode, char *errMsg, + blockRemoteCreateResp *savereply, struct blockResponse *reply) { json_object *json_obj = NULL; json_object *json_array = NULL; char *tmp = NULL; + char *tmp2 = NULL; char *portals = NULL; int i = 0; @@ -1448,6 +1455,12 @@ blockCreateCliFormatResponse(blockCreateCli *blk, int errCode, json_obj = json_object_new_object(); json_object_object_add(json_obj, "IQN", json_object_new_string(savereply->iqn)); + if (blk->auth_mode) { + json_object_object_add(json_obj, "USERNAME", + json_object_new_string(cobj->gbid)); + json_object_object_add(json_obj, "PASSWORD", + json_object_new_string(cobj->passwd)); + } json_array = json_object_new_array(); @@ -1511,12 +1524,21 @@ blockCreateCliFormatResponse(blockCreateCli *blk, int errCode, } } - GB_ASPRINTF(&reply->out, "IQN: %s\nPORTAL(S): %s\n%sRESULT: %s\n", - savereply->iqn, portals, tmp?tmp:"", errCode?"FAIL":"SUCCESS"); + if (blk->auth_mode) { + if (GB_ASPRINTF(&tmp2, "USERNAME: %s\nPASSWORD: %s\n", + cobj->gbid, cobj->passwd) == 1) { + goto out; + } + } + + GB_ASPRINTF(&reply->out, "IQN: %s\n%sPORTAL(S): %s\n%sRESULT: %s\n", + savereply->iqn, blk->auth_mode?tmp2:"", portals, tmp?tmp:"", + errCode?"FAIL":"SUCCESS"); } out: GB_FREE(tmp); + GB_FREE(tmp2); return; } @@ -1527,8 +1549,9 @@ block_create_cli_1_svc(blockCreateCli *blk, struct svc_req *rqstp) uuid_t uuid; blockRemoteCreateResp *savereply = NULL; char gbid[UUID_BUF_SIZE]; - static blockCreate cobj; - static blockResponse *reply; + char passwd[UUID_BUF_SIZE]; + struct blockCreate cobj = {0}; + struct blockResponse *reply; struct glfs *glfs = NULL; struct glfs_fd *lkfd = NULL; blockServerDefPtr list = NULL; 
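Review bot: In the plain-text branch of blockCreateCliFormatResponse the new credential line tests `GB_ASPRINTF(&tmp2, ...) == 1`, while every other GB_ASPRINTF call in this patch treats `-1` as the failure value, so an allocation failure is not caught here. `tmp2` would then stay NULL and be passed to the `%s` in the following `GB_ASPRINTF(&reply->out, ...)`, which is undefined behaviour. The comparison should be `== -1`. The result of that final GB_ASPRINTF into `reply->out` is also unchecked, and the function continues outside this hunk.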
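Review bot: In block_create_cli_1_svc, `struct blockResponse *reply;` loses its static storage and gets no initialiser, unlike `cobj = {0}` on the line above it. Any early `goto` that reaches the `optfail:` call to blockCreateCliFormatResponse before `reply` is allocated would now pass an indeterminate pointer where the static version passed NULL. The allocation is outside this hunk, so this needs checking against the full function. Declaring it as `struct blockResponse *reply = NULL;` removes the doubt.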
@@ -1610,6 +1633,17 @@ block_create_cli_1_svc(blockCreateCli *blk, struct svc_req *rqstp) cobj.size = blk->size; strcpy(cobj.gbid, gbid); + if (blk->auth_mode) { + uuid_generate(uuid); + uuid_unparse(uuid, passwd); + + strcpy(cobj.passwd, passwd); + cobj.auth_mode = 1; + + GB_METAUPDATE_OR_GOTO(lock, glfs, blk->block_name, blk->volume, + errCode, errMsg, exist, "PASSWORD: %s\n", passwd); + } + errCode = glusterBlockCreateRemoteAsync(list, 0, blk->mpath, glfs, &cobj, &savereply); if (errCode) { @@ -1652,7 +1686,7 @@ block_create_cli_1_svc(blockCreateCli *blk, struct svc_req *rqstp) } optfail: - blockCreateCliFormatResponse(blk, errCode, errMsg, savereply, reply); + blockCreateCliFormatResponse(blk, &cobj, errCode, errMsg, savereply, reply); GB_FREE(errMsg); blockServerDefFree(list); glfs_fini(glfs); @@ -1672,6 +1706,7 @@ block_create_1_svc(blockCreate *blk, struct svc_req *rqstp) char *lun = NULL; char *portal = NULL; char *attr = NULL; + char *authcred = NULL; char *exec = NULL; blockResponse *reply = NULL; @@ -1716,16 +1751,23 @@ block_create_1_svc(blockCreate *blk, struct svc_req *rqstp) goto out; } - if (GB_ASPRINTF(&attr, "%s/%s%s/tpg1 set attribute %s", + if (GB_ASPRINTF(&attr, "%s/%s%s/tpg1 set attribute %s %s", GB_TGCLI_ISCSI, GB_TGCLI_IQN_PREFIX, blk->gbid, - GB_TGCLI_ATTRIBUTES) == -1) { + blk->auth_mode?"authentication=1":"", GB_TGCLI_ATTRIBUTES) == -1) { goto out; } - if (GB_ASPRINTF(&exec, "%s && %s && %s && %s && %s && %s && %s", + if (blk->auth_mode && + GB_ASPRINTF(&authcred, "&& %s/%s%s/tpg1 set auth userid=%s " + "password=%s > %s", GB_TGCLI_ISCSI, GB_TGCLI_IQN_PREFIX, + blk->gbid, blk->gbid, blk->passwd, DEVNULLPATH) == -1) { + goto out; + } + + if (GB_ASPRINTF(&exec, "%s && %s && %s && %s && %s && %s %s && %s", GB_TGCLI_GLOBALS, backstore, iqn, lun, portal, attr, - GB_TGCLI_SAVE) == -1) { + blk->auth_mode?authcred:"", GB_TGCLI_SAVE) == -1) { goto out; } 
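Review bot: The generated CHAP secret is written in cleartext to the block's metadata with `"PASSWORD: %s\n"`, so it is readable by anything that can read that file on the gluster volume, in addition to being returned in the CLI reply. A comment at this call should state that the metadata file now holds a credential and which permissions protect it. The secret comes from `uuid_generate()`, which in libuuid can fall back to a time- and MAC-based UUID when no good random source is available; a secret should come from a source that fails instead of degrading. The failure label `exist` used by the new GB_METAUPDATE_OR_GOTO is defined outside the hunk, so confirm it is the right cleanup path for a metadata write error.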
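Review bot: In block_create_1_svc, `blk->passwd` and `blk->gbid` are taken from the incoming RPC `blockCreate` struct and pasted into `authcred` without any check, and the `&&` chaining and `> %s` redirection suggest the resulting `exec` string is run through a shell. A peer that can reach this RPC could then supply a value that is not a UUID and change the command, and the password is also exposed on the command line to local process listings. Before building the string, reject anything that does not parse as a UUID, for example `if (uuid_parse(blk->passwd, uu) != 0 || uuid_parse(blk->gbid, uu) != 0) goto out;` with a local `uuid_t uu`. How `exec` is executed is outside this hunk, so the shell assumption should be confirmed there.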
@@ -1753,6 +1795,7 @@ block_create_1_svc(blockCreate *blk, struct svc_req *rqstp) out: GB_FREE(exec); + GB_FREE(authcred); GB_FREE(attr); GB_FREE(portal); GB_FREE(lun); diff --git a/rpc/rpcl/block.x b/rpc/rpcl/block.x index df29542..ddf381d 100644 --- a/rpc/rpcl/block.x +++ b/rpc/rpcl/block.x @@ -18,8 +18,10 @@ struct blockCreate { char ipaddr[255]; char volume[255]; char gbid[127]; /* uuid */ + char passwd[127]; /* uuid */ u_quad_t size; char block_name[255]; + bool auth_mode; }; struct blockModify { @@ -34,6 +36,7 @@ struct blockCreateCli { char volume[255]; u_quad_t size; u_int mpath; /* HA request count */ + bool auth_mode; char block_name[255]; string block_hosts<>; enum JsonResponseFormat json_resp; -- cgit
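Review bot: Both new fields in rpc/rpcl/block.x are inserted in the middle of their structs, which shifts the XDR encoding of every field after them: `passwd[127]` goes before `size` in `blockCreate`, and in the next hunk `auth_mode` goes before `block_name` in `blockCreateCli`. A daemon or CLI built before this change would decode requests from a newer peer incorrectly, which matters during a rolling upgrade across nodes. If mixed versions must interoperate, bump the RPC program version; otherwise state the incompatibility in the commit message. The `/* uuid */` comment on `passwd` should also say that the field holds the CHAP secret, for example `/* CHAP secret, uuid-formatted */`.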